Mandriva Linux Security Advisory : kernel (MDVSA-2009:329)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption) via
IP-DDP datagrams. (CVE-2009-2903)

Multiple race conditions in fs/pipe.c in the Linux kernel before
2.6.32-rc6 allow local users to cause a denial of service (NULL
pointer dereference and system crash) or gain privileges by attempting
to open an anonymous pipe via a /proc/*/fd/ pathname. (CVE-2009-3547)

The tcf_fill_node function in net/sched/cls_api.c in the netlink
subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6
and earlier, does not initialize a certain tcm__pad2 structure member,
which might allow local users to obtain sensitive information from
kernel memory via unspecified vectors. NOTE: this issue exists because
of an incomplete fix for CVE-2005-4881. (CVE-2009-3612)

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows
local users to cause a denial of service (system hang) by creating an
abstract-namespace AF_UNIX listening socket, performing a shutdown
operation on this socket, and then performing a series of connect
operations to this socket. (CVE-2009-3621)

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in
arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before
2.6.31.4 allows local users to have an unspecified impact via a
KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
(CVE-2009-3638)

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client
in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to
cause a denial of service (NULL pointer dereference and panic) by
sending a certain response containing incorrect file attributes, which
trigger attempted use of an open file that lacks NFSv4 state.
(CVE-2009-3726)

The ip_frag_reasm function in ipv4/ip_fragment.c in Linux kernel
2.6.32-rc8, and possibly earlier versions, calls IP_INC_STATS_BH with
an incorrect argument, which allows remote attackers to cause a denial
of service (NULL pointer dereference and hang) via long IP packets,
possibly related to the ip_defrag function. (CVE-2009-1298)

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48161 (mandriva_MDVSA-2009-329.nasl)

Bugtraq ID: 36379, 36723, 36803, 36827, 36901, 36936

CVE ID: CVE-2009-1298, CVE-2009-2903, CVE-2009-3547, CVE-2009-3612, CVE-2009-3621, CVE-2009-3638, CVE-2009-3726, CVE-2009-4131
